Catalyst 4000 and DHCP [7:62632]
hi all, we just upgraded our network to a switched, a catalyst 4006 to be exactsome users have been getting 'no domain server available ' error message. they usually have to try more than 4 - 6 times to successfully log on to the network. has anybody come across this problem before? what work around did u use besides configuring static ip addresses? thanks for your response(s) in advance Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62632&t=62632 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Catalyst 4000 and DHCP [7:62632]
the problem is dhcp...the client doesnt get an ip address hence the no domain controllererror message. i have enabled portfast on a few of the ports and i am waiting to get results on mondayi will keep u posted. regards, Tunde - Original Message - From: "Priscilla Oppenheimer" To: Sent: Friday, February 07, 2003 11:22 PM Subject: RE: Catalyst 4000 and DHCP [7:62632] > Waters, Kristina wrote: > > > > I am curious as to whether anything else got upgraded besides > > the new > > switch. I got the impression that this wasn't a problem before > > the upgrade, > > in which case portfast could definitely be the culprit. > > However, you could > > also see this error if DNS is improperly configured in a win2k > > domain. Also, > > I'm not sure about this, but if the 4006 has a sup3 or sup4, > > could the > > problem be related to layer 3? > > Sure it could. He says all that he did was put a switch in, but there's a > good chance he did more than that, but we may never know... Sigh. But a new > switch might imply that he also put in VLANs, a L3 module, etc. > > When people send in questions, it would be nice if they would send in enough > info so we could do more than guess. It would be nice if they would provide > a follow-up also and let us know what the problem really was and what fixed > it. > > Some people can't stand the "out of the office" messages. > > I can't stand the messages that ressemble someone calling their doctor on > the phone and saying no more than, "Hey doc, I'm tired. Why?" > > Now, if you go to the doctor in person, this might be OK because then the > doctor can examine you. Here the analogy falls apart. We can't examine > someone else's network. However, the wise poster will communicate info to us > about their examination of their network to help us help them. (This isn't > targetted at the original poster specifically, who did supply at least some > info.) > > Troubleshooting should be done systematically. It's not a guessing game. > > Hope we learn more about what the issue was! It could be educational for > many of us. > > Priscilla > > > > > Kris > > > > > > > > -Original Message- > > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] > > Sent: Friday, February 07, 2003 1:24 PM > > To: [EMAIL PROTECTED] > > Subject: RE: Catalyst 4000 and DHCP [7:62632] > > > > > > Tunde Kalejaiye wrote: > > > > > > hi all, > > > > > > we just upgraded our network to a switched, a catalyst 4006 > > to be > > > exactsome users have been getting 'no domain server > > > available ' > > > error message. they usually have to try more than 4 - 6 times > > to > > > successfully log on to the network. > > > has anybody come across this problem before? what work around > > > did u use > > > besides configuring static ip addresses? > > > thanks for your response(s) in advance > > > > Your message title implies that there's a problem with DHCP, > > but then your > > message text implies that the problem is with Windows > > networking, > > specifically a client trying to reach the domain controller? (I > > assume you > > mean the Windows type domain server and not the IP Domain Name > > System.) > > > > So, verify for yourself and us that DHCP is working first. If > > the failure is > > with DHCP, try the stuff other folks recommended. Enable > > portfast so that > > the clients can start receiving replies to their DHCP request > > ASAP. Also, > > you may need a helper address, depending on where your DHCP > > server is > > located. Feel free to send us more info about your topology and > > configuration. > > > > Then, you have to get Winblows working. I did have all sorts of > > problems > > getting this to work with a consulting client who had upgraded > > to VLANs. > > Unfortunately, he fixed the problems in the end without my > > help, so I don't > > know the details, one of the frustrating things about being a > > consulant. (A > > lot of help that is. ;-) But you could look through some Group > > Study > > messages from about a month ago. A bunch of folks had ideas to > > help. I think > > the title of the thread was something about Windows Networking. > > > > Here's one message that a wise person on the list sent' I've > > forgotten who, > > sorry. > > > &
Re: Catalyst 4000 and DHCP [7:62947]
The problem was sorted with portfasta big thankyou to all that helped and all that criticised Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62947&t=62947 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE written exercise question [7:63247]
cluster id looks a little out of place for me - Original Message - From: "lee wooi keat" To: Sent: Tuesday, February 18, 2003 10:50 AM Subject: CCIE written exercise question [7:63247] > All, > > I'm preparing CCIE written exam and encounter some tricky questions in > exercise. Would like to ask for help for those who can solve it: > 1) Which one is NOT Well-known attribute for BGP ? > - local preference > - origin > - weight > - community > - cluster-id > > You can only choose one out of 5. > > > > > > > _ > Protect your PC - get McAfee.com VirusScan Online > http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63257&t=63247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VOIP [7:64080]
what do you need at a minimum to configure voip in a lab enviroment.. i need a basic setup between 2 points thanks in advance Tunde - Original Message - From: "Angel Leiva" To: Sent: Friday, February 28, 2003 10:11 PM Subject: RE: VOIP [7:64080] > Hi Kris, > > Try Configuring Cisco Voice Over IP, Second Edition by Callisma (Various > Authors). > > Below is the URL to view the book's info. I am currently reading it. It has > lots of great information on VoIP matters. > > In fact, Chapter 4 explains what exactly FXS, FXO or E&M interface ports do. > > http://www.syngress.com/catalog/sg_main.cfm?pid=2282 > > Hth, > > Angel > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Waters, Kristina > Sent: Friday, February 28, 2003 8:48 AM > To: [EMAIL PROTECTED] > Subject: VOIP [7:64080] > > Everyone, > > I am seeking a recommendation on a voip book, preferably something that > explains the different types of technologies and how they can be applied > 'in the real world'. Right now, we are doing some very rudimentary voip > stuff with a variety of routers, 1760, 2600, and a 3600 seriers which is > connected to a pri. > > We have no call manager (yet), so we have a bunch of dial-peer groups set up > on all our routers to interconnect the remote offices. All offices have > their own pbx's of different types, and most of the routers at the remote > locations have the vic fxs cards. > > I feel like this is a good opportunity for me to learn a great deal, but I > want to make sure that I REALLY understand what I am learning. And right > now, for example, I have no idea what the difference is between an FXS card > and an E&M card. I'm starting to feel a bit like the village voip idiot, and > the tons of docs I've read on the cisco web site do not seem to be helping. > > Any recommendations will be highly appreciated. > > Thanks, > Kris > > > ** > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the sender by email, delete and destroy this message and its > attachments. > ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64245&t=64080 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DNS, CiscoWorks and HP NNM [7:65308]
add all the interfaces for each router into the host file or dns serverfor examle: 10.1.1.1uk_router 12.5.4.2uk_router ! ! nnm 6.2 must be able to resolve every ip address to a hostname or it will fall behind in polling. there are several work arounds including a whitepaper that comes with installing a particular patch regards, Tunde - Original Message - From: "Ants" To: Sent: Thursday, March 13, 2003 3:19 PM Subject: DNS, CiscoWorks and HP NNM [7:65308] > Hi, > We're looking to implement NNM6.x soon.. and have a question re. DNS and > cisco ip addresses.. > How will DNS be setup to resolve a router with multiple IP adresses? ie. one > netbios name and multiple IP's? will it prioritise? > thanks in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65362&t=65308 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Need a Management Software [7:66666]
Jagan, a software called 'whatsupgold' will do just fine. it costs about $700. this includes 1 yr support and subscription which is optional. http://www.whatsupgold.co.uk/ Tunde - Original Message - From: "Jagan Krishnaraj" To: Sent: Wednesday, April 02, 2003 10:10 AM Subject: Need a Management Software [7:6] > Hello Group > > One of my customers need a Management software. > > The management software should mail / page / sms network admin of > > CISCO switch port status UP / Down and switch down status. > > Can any body advise me a good cheap commercial SNMP management software > with these features. > > Thanks You in advance > > Regards > jagan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66691&t=6 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ACS 3.0 [7:69564]
Hi, Edit the group setings, under Max Sessions > change the radio button under 'Sessions available to users of this group' and type in 1. you can also do this under the user setup. that should do the trick. regards, Tunde - Original Message - From: "Mamoon Dawood" To: Sent: Tuesday, May 27, 2003 1:41 PM Subject: ACS 3.0 [7:69564] > Dear All, > > We did configure a ACS 3.0 TACACS system on an AS5300 for one of our > customers, the client configuration was based on the Windows 2000 > Accounts database, > Now the problem is that when a user dial-in to the AS5300 and > authenticated, he can use the same username and password to log-in from > different PC while the first session is still connected, we think this > is not good as a security wise, > Please help us make the user log-on only onece at a time, > > Thanks, Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69571&t=69564 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Wireless 350 bridge problem [7:57827]
try using a spectrum analyser to determine if there is a strong RF interference from somewhere close bythis is probably ur best bet. Tunde - Original Message - From: "Cisco Breaker" To: Sent: Thursday, November 21, 2002 9:04 AM Subject: Wireless 350 bridge problem [7:57827] > Hi All, > > We have installed Aironet 350 series bridges 2 months ago. They were working > fine until yesterday. Bridges are on the top of two buildings and they > were and are clearly seeing each other, freshnel zone okey. But yesterday > morning the network was gone. We have controlled the settings and set up the > bridges again. Checked that if they can see each other, yes. But it doesn't > work. Bridge link down. Then we have changed the rate to only 1 Mbit, found > a really clear channel and it started to work but really in a bad mood. The > client bridge was associating and then disappearing every 1 minute. Now the > wireless network is down. > > Has anybody faced a problem like this? > > Any help will be highly appreciated. > > Best regards, Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57834&t=57827 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Secure ACS [7:58101]
hi, i upgraded my acs 2.6 to a 3.0 when i read ur mail in reference to changing user passwords. i cant seem to get this working...i cant find attributes 17 and 21 in the acs configuration. any info is highly appreciated. thanks - Original Message - From: "Elijah Savage III" To: Sent: Tuesday, November 26, 2002 8:52 PM Subject: RE: Cisco Secure ACS [7:58101] > I had this same issue a while back but at least you got yours to work, > the max sessions I think was just coincidence. Because with our 3030 > concentrators this did not work and we were told by TAC that Radius with > Expiry with 2.6 ACS would not work but this was fixed in version 3.0. We > upgraded to 3.0 and haven't looked back nice product CISCO way to go. > Just for others interested so you do not travel the same hard road but > FUNK Radius Steel belted did not support the changing of passwords > because they did not know how to pass the right attirbutes back to the > client through the cisco device. I was told by a 3rd level engineer from > Funk that they are working on it but finding it hard to work with > Microsoft because of some agreement Cisco has with Microsoft but they > should have it working 1st qtr of next year. Just FYI for those who > care. > > -Original Message- > From: Mahmood [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, November 26, 2002 8:07 AM > To: [EMAIL PROTECTED] > Subject: Cisco Secure ACS [7:58101] > > > I have a problem with User-Changeable Password in Cisco Secure ACS > version 2.6 on my 2000 server. When I get online with my username and > want to change my password, It don't let me, and give me a "Login > Failed" error. But if I change the Max Sessions to 2 ot higher, ev ery > thing work fine. What's the problem? > > Any help would be appreciated. > Mahmood Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58450&t=58101 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Secure ACS [7:58101]
The radius server is used to authenticate windows dial-up users using broadband. I want the radius acct password to expire so that the user can change it themselves without help from the administrator. - Original Message - From: "Elijah Savage III" To: "Tunde Kalejaiye" ; Sent: Tuesday, December 03, 2002 6:26 PM Subject: RE: Cisco Secure ACS [7:58101] Exactly what capacity are you using the Radius box in? I use my radius box with a Cisco 3030 concentrator all users logging in via vpn are authenticated against the concentrator. There is nothing special you have to do on the radius box to allow for changing of passwords upon expiration, but on the concentrator you MUST make sure you are set to use Radius with Expiry. -Original Message- From: Tunde Kalejaiye [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 03, 2002 11:38 AM To: Elijah Savage III; [EMAIL PROTECTED] Subject: Re: Cisco Secure ACS [7:58101] hi, i upgraded my acs 2.6 to a 3.0 when i read ur mail in reference to changing user passwords. i cant seem to get this working...i cant find attributes 17 and 21 in the acs configuration. any info is highly appreciated. thanks - Original Message - From: "Elijah Savage III" To: Sent: Tuesday, November 26, 2002 8:52 PM Subject: RE: Cisco Secure ACS [7:58101] > I had this same issue a while back but at least you got yours to work, > the max sessions I think was just coincidence. Because with our 3030 > concentrators this did not work and we were told by TAC that Radius > with Expiry with 2.6 ACS would not work but this was fixed in version > 3.0. We upgraded to 3.0 and haven't looked back nice product CISCO way > to go. Just for others interested so you do not travel the same hard > road but FUNK Radius Steel belted did not support the changing of > passwords because they did not know how to pass the right attirbutes > back to the client through the cisco device. I was told by a 3rd level > engineer from Funk that they are working on it but finding it hard to > work with Microsoft because of some agreement Cisco has with Microsoft > but they should have it working 1st qtr of next year. Just FYI for > those who care. > > -Original Message- > From: Mahmood [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, November 26, 2002 8:07 AM > To: [EMAIL PROTECTED] > Subject: Cisco Secure ACS [7:58101] > > > I have a problem with User-Changeable Password in Cisco Secure ACS > version 2.6 on my 2000 server. When I get online with my username and > want to change my password, It don't let me, and give me a "Login > Failed" error. But if I change the Max Sessions to 2 ot higher, ev ery > thing work fine. What's the problem? > > Any help would be appreciated. > Mahmood Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58544&t=58101 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Taking Wireless LAN Support Specialist on Sunday [7:58691]
i have more of a question...what study material did you use?...i am doing the CWNA instead. - Original Message - From: "Jim Tickle" To: Sent: Friday, December 06, 2002 5:00 PM Subject: Taking Wireless LAN Support Specialist on Sunday [7:58691] > Two weeks ago I though it would be fun to take the Cisco Wireless LAN > Support Specialist certification exam, so I went ahead and scheduled it for > this Sunday. Now I'm looking at the test date looming. Does anybody have > any notes or suggestions before I go? > > The Tick > > > > - > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58696&t=58691 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Strange problem of route table [7:59533]
all static routes have an AD of 1...whether it is using ur interface or not. all directly connected interface have an AD of 0 - Original Message - From: "Munit Singla" To: Sent: Thursday, December 19, 2002 4:44 PM Subject: Strange problem of route table [7:59533] > Hi all, > Can anybody tell me when I add static route to my default network it shows > with Administrative distance of 1,whereas we know that static routes to our > own interface have AD. of zero. > Example > C 10.77.152.128/25 is directly connected, FastEthernet1/0 > S* 0.0.0.0/0 [1/0] via 10.77.152.129 > is directly connected, FastEthernet1/0 > > Its showing here with administrative distance of 1 the route with default > gateway of FastEthernet1/0. > Please do clear me where I am wrong > Thanx in advance > Munit Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59537&t=59533 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Solarwinds Professional [7:62121]
raj, solarwinds will not give u a map. try whatsupgold http://www.ipswitch.com/ it is very good, cheap and easy to use Tunde - Original Message - From: "Raj" To: Sent: Wednesday, January 29, 2003 6:26 PM Subject: Solarwinds Professional [7:62121] > I have installed solarwinds prof. However, i was looking out for a graphical > map of my network which seems to be missing. > It has done a network discovery but is displaying the devices in a list > form. > > Does anybody know if I could open another program included in solar. prof. > to see a map or it lacks this functionality? > > If it does, i would like suggestions for any other programs(for eval) which > display good network maps/discovery. > > thank you > raj Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62170&t=62121 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IOS upgrade/Strange services [7:53492]
Some services are enabled by default on some ios's but are disabled by default on others. after accessing ur vulnerability with the scanner...lock down the router by disabling the unecessary services. i would have thot the 12.2(11)T - IP/FW/IDS/3DES will come with most services specifically disabled. have u tried the router audit tool (rat)?...awesome!...u not only get theh vulnerable services running, also get the fix! http://www.networkingfiles.com/Network/ciscoiosrouterbenchmark.htm Tunde - Original Message - From: To: Sent: Wednesday, September 18, 2002 4:29 PM Subject: RE: IOS upgrade/Strange services [7:53492] > Enter the IP address of the interface of the router I used Cisco Secure > Scanner, but have also used Nmap. > > Prior to the upgrade these "services" weren't running. > > -Original Message- > From: Tunji Suleiman [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, September 18, 2002 8:09 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: IOS upgrade/Strange services [7:53492] > > > How do u run a scan on a router interface? > > Regards > > > >From: "[EMAIL PROTECTED]" > >Reply-To: "[EMAIL PROTECTED]" > >To: [EMAIL PROTECTED] > >Subject: IOS upgrade/Strange services [7:53492] > >Date: Tue, 17 Sep 2002 16:02:02 GMT > > > >I've recently upgraded one of our routers to 12.2(11)T - IP/FW/IDS/3DES. > >After upgrading I ran a scan against the interface, using Secure Scanner, > >and it came back with a lot of services running Cu-seeme, talk, tftp, > >rpc-nfs, rwho, etc... (about 16 total). Scanning prior to the upgrade, > >came back with nothing. I'm a little worried that this new image is > >leaving > >me open. Has anyone experienced this and if so how did ya fix it. > > > >Thanx, > >mkj > > > >~~~ > >Michael Jablonski > >ABN AMRO Asset Management Holdings, Inc. > >161 North Clark St. > >9th Flr > >Chicago, IL 60601-2468 > >PH: 312.884.2996 > >FAX: 312.278.5550 > >~~~ > _ > Send and receive Hotmail on your mobile device: http://mobile.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53557&t=53492 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Input errors on catalyst 3548 [7:53957]
what could be the cause of large input errors on a catalyst switch? regards, Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53957&t=53957 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CiscoWorks2000 and snmp problems [7:54865]
I had the same problem before...it had to do with ATA flash disk and ciscoFlashMIB check here for the work around. http://www.cisco.com/warp/public/477/SNMP/ipsnmphighcpu.shtml - Original Message - From: "bi.s" To: Sent: Friday, October 04, 2002 2:25 PM Subject: CiscoWorks2000 and snmp problems [7:54865] > hi, > > i am interested if there is someone using cw2k and has c7200 vxr with > npe-400. > do you have problems with snmp on the routers? on other routers? > it looks like there is a problem with snmp causing high cpu on routers > and bringing the network down. > > has someone this problems? how did you solve them? > ios upgrading doesnt help and the cisco case was closed without a fix. > > is snmp-server view cutdown an option > (http://www.cisco.com/warp/public/477/SNMP/ipsnmphighcpu.shtml). > > any experiences with that? > > thanks > -bis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54869&t=54865 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX DNS Issue [7:72685]
I swapped a router running ios firewall with a pix 506e and i have been having all sorts of issues. first, is the DNSall clients use an internal DNS server which forwards all request to an external DNS serverthis works fine with the router but with the PIX it doesnt work. when i configured the clients to use the external DNS server everything worked fine. The pix box is running the 6.3 code. i know i am missing something...but can't figure it out yet...i really would appreciate any comments. regards, Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72685&t=72685 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN Client cannot connect [7:73276]
I am using a vpn client version 4.0.1, i connect to internet using an adsl modem and i dial my network using the client. the problem is after i put in my logon details into the logon screen..the connection times outwithout ever connecting. i have pasted the router config, the debug cry isa output and the cisco vpn client logg. your help will be highly appreciated. regards, Tunde [B]router config[/B] service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname router ! logging buffered 4096 debugging aaa new-model ! ! aaa authentication login default local aaa authentication login userauthen local aaa authentication enable default enable aaa authorization commands 15 default local aaa authorization network groupauthor local aaa session-id common enable secret 5 $1$.fkm$4O8.dVegwONw0eriy2Hzb/ enable password 7 02020555020303 ! username test password 7 09584B1A0D memory-size iomem 15 ip subnet-zero no ip source-route ! ! ip domain-name rock ip name-server 192.168.123.3 ip name-server 192.168.123.13 ip name-server 192.168.123.15 ! no ip bootp server ip audit notify log ip audit po max-events 100 ip ssh time-out 120 ip ssh authentication-retries 3 ! crypto isakmp policy 10 hash md5 authentication pre-share group 2 ! crypto isakmp policy 30 encr 3des authentication pre-share group 2 crypto isakmp key cisco123 address x.x.x.x ! crypto isakmp client configuration group remotevpn key cisco123 dns 192.168.123.3 wins 192.168.123.2 domain rock.com pool VPN ! ! crypto ipsec transform-set cabweb esp-des esp-md5-hmac crypto ipsec transform-set vpn-transform-set esp-3des esp-sha-hmac crypto mib ipsec flowmib history tunnel size 200 crypto mib ipsec flowmib history failure size 200 ! crypto dynamic-map dynmap 30 set transform-set vpn-transform-set ! ! crypto map cabweb client authentication list userauthen crypto map cabweb isakmp authorization list groupauthor crypto map cabweb client configuration address respond crypto map cabweb 10 ipsec-isakmp set peer x.x.x.x set transform-set cabweb match address 111 crypto map cabweb 30 ipsec-isakmp dynamic dynmap ! ! ! ! interface Ethernet0 ip address 1.1.1.1 255.255.255.248 ip nat outside no ip mroute-cache full-duplex no cdp enable crypto map cabweb ! interface FastEthernet0 ip address 192.168.123.252 255.255.255.0 ip access-group 101 in no ip redirects no ip unreachables no ip proxy-arp ip nat inside no ip mroute-cache speed 100 half-duplex ntp disable no cdp enable standby 2 ip 192.168.123.1 standby 2 priority 150 standby 2 preempt ! ip local pool VPN 192.168.123.180 192.168.123.200 ip nat inside source list IP-NAT interface Ethernet0 overload ip nat inside source static 192.168.123.13 1.1.1.2 ip nat inside source static 192.168.123.2 1.1.1.3 ip nat inside source static 192.168.123.3 1.1.1.4 no ip classless ip route 0.0.0.0 0.0.0.0 1.1.1.6 ip route 0.0.0.0 0.0.0.0 192.168.123.4 100 no ip http server ip pim bidir-enable ! ! ip access-list standard IP-NAT deny 192.168.123.3 deny 192.168.123.2 deny 192.168.123.15 deny 192.168.123.13 permit 192.168.0.0 0.0.255.255 ! access-list 111 permit ip 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255 no cdp run ! line con 0 exec-timeout 0 0 password 7 1416160E0E0B3D2A282D line aux 0 line vty 0 4 password 7 0507071820425D0617 ! no scheduler allocate end [B]debug output[/B] 2d06h: ISAKMP (0:2): retransmitting phase 1 AG_INIT_EXCH... 2d06h: ISAKMP (0:2): incrementing error counter on sa: retransmit phase 1 2d06h: ISAKMP (0:2): retransmitting phase 1 AG_INIT_EXCH 2d06h: ISAKMP (0:2): sending packet to 81.134.114.66 (R) AG_INIT_EXCH 2d06h: ISAKMP (0:0): received packet from 81.134.114.66 (N) NEW SA 2d06h: ISAKMP: local port 500, remote port 500 2d06h: ISAKMP (0:3): (Re)Setting client xauth list userauthen and state 2d06h: ISAKMP: Locking CONFIG struct 0x814F42E0 from crypto_ikmp_config_initialize_sa, count 3 2d06h: ISAKMP (0:3): processing SA payload. message ID = 0 2d06h: ISAKMP (0:3): processing ID payload. message ID = 0 2d06h: ISAKMP (0:3): processing vendor id payload 2d06h: ISAKMP (0:3): vendor ID seems Unity/DPD but bad major 2d06h: ISAKMP (0:3): vendor ID is XAUTH 2d06h: ISAKMP (0:3): processing vendor id payload 2d06h: ISAKMP (0:3): vendor ID is DPD 2d06h: ISAKMP (0:3): processing vendor id payload 2d06h: ISAKMP (0:3): vendor ID seems Unity/DPD but bad major 2d06h: ISAKMP (0:3): processing vendor id payload 2d06h: ISAKMP (0:3): vendor ID seems Unity/DPD but bad major 2d06h: ISAKMP (0:3): processing vendor id payload 2d06h: ISAKMP (0:3): vendor ID is Unity 2d06h: ISAKMP (0:3): Checking ISAKMP transform 1 against priority 30 policy 2d06h: ISAKMP: encryption... What? 7? 2d06h: ISAKMP: hash SHA 2d06h: ISAKMP: default group 2 2d06h: ISAKMP: auth XAUTHInitPreShared 2d06h: ISAKMP: life type in seconds 2d06h: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B 2d06h: ISAKMP: attribute 14 2d06h: ISAKMP (0:3):
VPN Client cannot connect [7:73350]
Hi all, my set up is a vpn client connection to a cisco ios router. i can connect using an old version of the vpn client (3.6.4a) but i cannot connect using the newer versions (4.0.1 & 4.0.2)i actually get to the stage of putting in my username and password but nothing happens after that and it eventually times out. I have pasted the vpn clients loggs. alll inputs are appreciated. regards, Tunde Cisco Systems VPN Client Version 4.0.2 (B) Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved. Client Type(s): Windows, WinNT Running on: 5.0.2195 11315:11:19.082 08/01/03 Sev=Info/4 CM/0x6312 Begin connection process 11415:11:19.082 08/01/03 Sev=Info/4 CM/0x6314 Establish secure connection using Ethernet 11515:11:19.082 08/01/03 Sev=Info/4 CM/0x63100024 Attempt connection with server "217.37.10.173" 11615:11:19.082 08/01/03 Sev=Info/6 IKE/0x633B Attempting to establish a connection with 217.37.10.173. 11715:11:19.122 08/01/03 Sev=Info/4 IKE/0x6313 SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to 217.37.10.173 11815:11:19.192 08/01/03 Sev=Info/4 IPSEC/0x6378 IPSec driver successfully started 11915:11:19.192 08/01/03 Sev=Info/4 IPSEC/0x63700014 Deleted all keys 12015:11:19.773 08/01/03 Sev=Info/5 IKE/0x632F Received ISAKMP packet: peer = 217.37.10.173 12115:11:19.773 08/01/03 Sev=Info/4 IKE/0x6314 RECEIVING >> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, VID(?), VID(Unity)) to 217.37.10.173 12815:11:19.823 08/01/03 Sev=Info/4 IKE/0x6382 IKE Port in use - Local Port = 0x01F4, Remote Port = 0x01F4 12915:11:19.823 08/01/03 Sev=Info/4 CM/0x631E Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system 13015:11:19.893 08/01/03 Sev=Info/5 IKE/0x632F Received ISAKMP packet: peer = 217.37.10.173 13115:11:19.893 08/01/03 Sev=Info/4 IKE/0x6314 RECEIVING >> ISAKMP OAK TRANS *(HASH, ATTR) to 217.37.10.173 13515:11:22.957 08/01/03 Sev=Info/5 IKE/0x632F Received ISAKMP packet: peer = 217.37.10.173 13615:11:22.957 08/01/03 Sev=Info/4 IKE/0x6314 RECEIVING >> ISAKMP OAK TRANS *(Retransmission) to 217.37.10.173 14215:11:30.208 08/01/03 Sev=Info/4 IKE/0x6313 SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:HEARTBEAT) to 217.37.10.173 14315:11:30.208 08/01/03 Sev=Info/6 IKE/0x6352 Sent a keepalive on the IKE SA 14415:11:50.237 08/01/03 Sev=Info/4 IKE/0x6313 SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:HEARTBEAT) to 217.37.10.173 14515:11:50.237 08/01/03 Sev=Info/6 IKE/0x6352 Sent a keepalive on the IKE SA 14615:12:10.265 08/01/03 Sev=Info/4 IKE/0x6313 SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:HEARTBEAT) to 217.37.10.173 14715:12:10.265 08/01/03 Sev=Info/6 IKE/0x6352 Sent a keepalive on the IKE SA 14815:12:30.294 08/01/03 Sev=Info/4 IKE/0x6313 SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:HEARTBEAT) to 217.37.10.173 14915:12:30.294 08/01/03 Sev=Info/6 IKE/0x6352 Sent a keepalive on the IKE SA 15015:12:48.370 08/01/03 Sev=Info/4 CM/0x6316 Abort connection attempt before Phase 1 SA up 15115:12:48.370 08/01/03 Sev=Info/4 IKE/0x6301 IKE received signal to terminate VPN connection 15215:12:48.370 08/01/03 Sev=Info/4 IKE/0x6317 Marking IKE SA for deletion (I_Cookie=492CE06BE33C37A0 R_Cookie=EADFFC9A257201A9) reason = DEL_REASON_RESET_SADB 15315:12:48.370 08/01/03 Sev=Info/4 IKE/0x6313 SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to 217.37.10.173 15415:12:48.380 08/01/03 Sev=Info/4 IKE/0x634A Discarding IKE SA negotiation (I_Cookie=492CE06BE33C37A0 R_Cookie=EADFFC9A257201A9) reason = DEL_REASON_RESET_SADB 15515:12:48.380 08/01/03 Sev=Info/5 CM/0x63100025 Initializing CVPNDrv 15615:12:48.831 08/01/03 Sev=Info/4 IPSEC/0x63700014 Deleted all keys 15715:12:48.831 08/01/03 Sev=Info/4 IPSEC/0x63700014 Deleted all keys 15815:12:48.831 08/01/03 Sev=Info/4 IPSEC/0x63700014 Deleted all keys 15915:12:48.831 08/01/03 Sev=Info/4 IPSEC/0x637A IPSec driver successfully stopped Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73350&t=73350 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
VPN Client [7:74205]
hi guys, will a vpn client that can run 3DES connect to a router running DES? if no is it still possible to get the DES version? cant seem to find it on cisco website. regards, Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74205&t=74205 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
